IDS mailing list archives
Re: Automated IDS Signature Generator?
From: "Anton A. Chuvakin" <anton () chuvakin org>
Date: Wed, 18 Jun 2003 15:38:25 -0400 (EDT)
Is there a utility/function/program that automatically generates an IDS signature based on a recording of a monitored exploit attempt? For
That's a joke, right? :-) I suspect that is provably impossible especially if you will include application exploits and various configuration abuses. The obvious questions are, how would thus "utility" know... 1....what part of the whole network traffic session is indeed malicious (is that the first SYN or what?) 2. ...what part of the malicious traffic session to use for the signature? 3. ...what part will be repeated in the subsequent attacks? I am sure there are more questions pending. Think about it, there is not even a good GUIDE on how to program a HUMAN to do the above task... Best, -- Anton A. Chuvakin, Ph.D., GCI* http://www.chuvakin.org http://www.info-secure.org ------------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com -------------------------------------------------------------------------------
Current thread:
- Automated IDS Signature Generator? quakeroats (Jun 18)
- Re: Automated IDS Signature Generator? Anton A. Chuvakin (Jun 19)
- Re: Automated IDS Signature Generator? Stefano Zanero (Jun 19)
- Re: Automated IDS Signature Generator? Christian Kreibich (Jun 22)
- <Possible follow-ups>
- RE: Automated IDS Signature Generator? Kohlenberg, Toby (Jun 18)
- RE: Automated IDS Signature Generator? Kohlenberg, Toby (Jun 19)